diff options
Diffstat (limited to 'attachment.cgi')
| -rwxr-xr-x | attachment.cgi | 38 |
1 files changed, 28 insertions, 10 deletions
diff --git a/attachment.cgi b/attachment.cgi index 0078a4c16..57706d5e0 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -52,6 +52,7 @@ use Bugzilla::Attachment; use Bugzilla::Attachment::PatchReader; use Bugzilla::Token; use Bugzilla::Keyword; +use Bugzilla::Hook; use Encode qw(encode find_encoding); @@ -76,6 +77,12 @@ local our $vars = {}; my $action = $cgi->param('action') || 'view'; my $format = $cgi->param('format') || ''; +# BMO: Don't allow updating of bugs if disabled +if (Bugzilla->params->{disable_bug_updates} && $cgi->request_method eq 'POST') { + ThrowErrorPage('bug/process/updates-disabled.html.tmpl', + 'Bug updates are currently disabled.'); +} + # You must use the appropriate urlbase/sslbase param when doing anything # but viewing an attachment, or a raw diff. if ($action ne 'view' @@ -174,7 +181,7 @@ sub validateID { { attach_id => scalar $cgi->param($param) }); # Make sure the attachment exists in the database. - my $attachment = new Bugzilla::Attachment($attach_id) + my $attachment = new Bugzilla::Attachment({ id => $attach_id, cache => 1 }) || ThrowUserError("invalid_attach_id", { attach_id => $attach_id }); return $attachment if ($dont_validate_access || check_can_access($attachment)); @@ -186,7 +193,7 @@ sub check_can_access { my $user = Bugzilla->user; # Make sure the user is authorized to access this attachment's bug. - Bugzilla::Bug->check($attachment->bug_id); + Bugzilla::Bug->check({ id => $attachment->bug_id, cache => 1 }); if ($attachment->isprivate && $user->id != $attachment->attacher->id && !$user->is_insider) { @@ -380,6 +387,9 @@ sub view { # Return the appropriate HTTP response headers. $attachment->datasize || ThrowUserError("attachment_removed"); + # BMO add a hook for github url redirection + Bugzilla::Hook::process('attachment_view', { attachment => $attachment }); + $filename =~ s/^.*[\/\\]//; # escape quotes and backslashes in the filename, per RFCs 2045/822 $filename =~ s/\\/\\\\/g; # escape backslashes @@ -448,7 +458,7 @@ sub diff { # HTML page. sub viewall { # Retrieve and validate parameters - my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid')); + my $bug = Bugzilla::Bug->check({ id => scalar $cgi->param('bugid'), cache => 1 }); my $bugid = $bug->id; my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bugid); @@ -496,7 +506,8 @@ sub enter { my $flag_types = Bugzilla::FlagType::match({'target_type' => 'attachment', 'product_id' => $bug->product_id, - 'component_id' => $bug->component_id}); + 'component_id' => $bug->component_id, + 'is_active' => 1}); $vars->{'flag_types'} = $flag_types; $vars->{'any_flags_requesteeble'} = grep { $_->is_requestable && $_->is_requesteeble } @$flag_types; @@ -535,13 +546,23 @@ sub insert { # Must be called before create() as it may alter $cgi->param('ispatch'). my $content_type = Bugzilla::Attachment::get_content_type(); - # Get the filehandle of the attachment. - my $data_fh = $cgi->upload('data'); + # Get the attach data + my $data = scalar($cgi->param('attach_text')); + if ($data) { + # Convert to unix line-endings if pasting a patch + if (scalar($cgi->param('ispatch'))) { + $data =~ s/[\012\015]{1,2}/\012/g; + } + } + else { + # Get the filehandle of the attachment. + $data = $cgi->upload('data'); + } my $attachment = Bugzilla::Attachment->create( {bug => $bug, creation_ts => $timestamp, - data => scalar $cgi->param('attach_text') || $data_fh, + data => $data, description => scalar $cgi->param('description'), filename => $cgi->param('attach_text') ? "file_$bugid.txt" : scalar $cgi->upload('data'), ispatch => scalar $cgi->param('ispatch'), @@ -617,8 +638,6 @@ sub edit { my $bugattachments = Bugzilla::Attachment->get_attachments_by_bug($attachment->bug_id); - # We only want attachment IDs. - @$bugattachments = map { $_->id } @$bugattachments; my $any_flags_requesteeble = grep { $_->is_requestable && $_->is_requesteeble } @{$attachment->flag_types}; @@ -777,7 +796,6 @@ sub delete_attachment { # The token is valid. Delete the content of the attachment. my $msg; $vars->{'attachment'} = $attachment; - $vars->{'date'} = $date; $vars->{'reason'} = clean_text($cgi->param('reason') || ''); $template->process("attachment/delete_reason.txt.tmpl", $vars, \$msg) |